Bug 26684 - package/deliver univention-support-info
package/deliver univention-support-info
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Sysinfo
UCS 5.0
Other Linux
: P5 enhancement (vote)
: UCS 5.0-2-errata
Assigned To: Nikola Radovanovic
Florian Best
https://github.com/nstoeckigt/univent...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-01 21:12 CEST by Ingo Steuwer
Modified: 2022-11-15 18:03 CET (History)
13 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2012020721003071, 2016062421000429,
Bug group (optional): External feedback
Max CVSS v3 score:


Attachments
univention-support-info (5.60 KB, text/x-python)
2018-02-07 14:00 CET, univention
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2012-04-01 21:12:34 CEST
Angesprochen im Rahmen von 2012020721003071

Der Download von univention-support-info in Umgebungen mit vielen Servern/ohne Internetzugang ist mühsam. Der Kunde würde eine paketierte Version bevorzugen, die automatisch installiert wird.
Comment 1 Janis Meybohm univentionstaff 2012-04-02 08:12:21 CEST
(In reply to comment #0)
> Der Download von univention-support-info in Umgebungen mit vielen Servern/ohne
> Internetzugang ist mühsam. Der Kunde würde eine paketierte Version bevorzugen,
> die automatisch installiert wird.

Wir hatten uns dagegen entschieden weil wir das Script dann nicht so einfach aktualisieren können und somit potentiell von unterschiedlichen Kunden unterschiedliche Archive erhalten.
Mit 3.0 könnten wir das vermutlich auch über errata Updates aktuell halten, das Problem der unterschiedlichen Archiv-Versionen besteht dann aber weiterhin (nicht installierte errata Updates etc.).
Comment 2 Stefan Gohmann univentionstaff 2012-04-09 13:16:37 CEST
Dann vielleicht besser in einem Scope bauen und veröffentlichen, dann kann es unabhängig von UCS gepflegt werden. Wir müssten das Tool sonst für alle UCS Versionen parallel aktuell halten.
Comment 3 Janis Meybohm univentionstaff 2013-04-25 12:43:29 CEST
Wir sollten eine Version für aktuelle UCS-Systeme ausliefern dir sich selbst aktualisieren kann. Zusätzlich können wir das Paket per Errata aktuell halten um auch Systeme ohne Internetzugang zu aktualisieren (evtl. kann das Script auch in den neuen rsync Repository-Mechanismus integriert werden?)

Das Script sollte allerdings bei jeder Ausführung ohne Internetzugang eine Warnung ausspucken (evtl. nur wenn es älter ist als 30-60 Tage) dass es sich nicht aktualisieren konnte und daher evtl. nicht alle von uns (Support) erwarteten Informationen enthält.
Comment 4 Arvid Requate univentionstaff 2013-09-16 18:32:53 CEST
We now have a package univention-support-info. The script as been adjusted to activate the component repository/online/component/support and perform an access check to apt.software-univention.de. Then it simply runs univention-install on itself. If any of this returns an error, it checks the age of the file and issues an interactive warning if it's older than 30 days. The script finally re-execs itself in case a new package version was installed.

* This still requires some test setup, currently the corresponding component is not yet available:

WARNING: repository/online/component/support not reachable on repository/online/server ( testing.univention.de )

* Tests with missing connection to an online repository are required as well.
Comment 5 Janis Meybohm univentionstaff 2013-10-21 12:32:28 CEST
(In reply to Arvid Requate from comment #4)
> perform an access check to apt.software-univention.de.

We should use the official repository server: updates.software-univention.de
Comment 6 Janis Meybohm univentionstaff 2013-10-21 15:40:41 CEST
Documentation may be placed in the official manual and should contain all informations from http://sdb.univention.de/1174 (upload, enctypt etc.)
Comment 7 Michael Grandjean univentionstaff 2015-06-02 19:46:47 CEST
Requested during technical training.
Comment 8 Philipp Hahn univentionstaff 2016-02-23 11:33:59 CET
Latest version is in trunk/internal/univention-support-info/
We have packaged several older versions in branches/, which try(?) to download the latest version (or should do so).

We should change those packages versions to automatically fetch the latest version from trunk/ so we only have to maintain one location.
Comment 9 Michael Grandjean univentionstaff 2016-06-27 09:36:30 CEST
Requested again via 2016062421000429
Comment 10 Stephan Hendl 2016-07-14 17:54:43 CEST
Well, it would be awesome to have the univention-support-info script within a shipped package! Everytime I have to use it I have to search the web for the right wget command...
Comment 11 Stephan Hendl 2017-02-01 08:46:59 CET
Well, this ticket is nearly 5 years old! 

Maybe it is a good point to start a new investigation. As I've discussed with several guys from the Univention staff at the Univention Summit last week a package with a script included what downloads the "real" USI-script from the Internet, executes it and send the report back to univention would be a good solution. With that behavior it is confirmed that always the latest version of the USI-script will be used.
Comment 12 Florian Best univentionstaff 2017-02-01 09:42:15 CET
(In reply to Stephan Hendl from comment #11)
> Well, this ticket is nearly 5 years old! 
> 
> Maybe it is a good point to start a new investigation. As I've discussed
> with several guys from the Univention staff at the Univention Summit last
> week a package with a script included what downloads the "real" USI-script
> from the Internet, executes it and send the report back to univention would
> be a good solution. With that behavior it is confirmed that always the
> latest version of the USI-script will be used.
This is targeted in Bug #29191, a prototype is already attached.
Comment 13 Stephan Hendl 2017-02-01 09:45:49 CET
(In reply to Florian Best from comment #12)

> This is targeted in Bug #29191, a prototype is already attached.

An UMC module is nice but would I prefer a commandline tool.
Comment 14 Florian Best univentionstaff 2017-02-01 09:48:49 CET
(In reply to Stephan Hendl from comment #13)
> (In reply to Florian Best from comment #12)
> 
> > This is targeted in Bug #29191, a prototype is already attached.
> 
> An UMC module is nice but would I prefer a commandline tool.

Yes, the package ships also an CLI tool.
Comment 15 Stephan Hendl 2018-02-05 14:51:52 CET
Well, as discussed with Stefan and CHristina at Univention Summit 2018 some additional cli switches would be nice:

--upload-to-univention -> copies the file to upload.univention.de
--add-to-ticket <Ticket-Id> -> adds the file to the ticket number instead 
  creating a new one
--copy-to-folder <folder>
--copy-to-share <share name \\server\share> -> copies the file to a given share
--user 
--password (optional)
Comment 16 univention 2018-02-07 14:00:06 CET
Created attachment 9379 [details]
univention-support-info

(In reply to Stephan Hendl from comment #15)
> Well, as discussed with Stefan and CHristina at Univention Summit 2018 some
> additional cli switches would be nice:
> 
> --upload-to-univention -> copies the file to upload.univention.de
> --add-to-ticket <Ticket-Id> -> adds the file to the ticket number instead 
>   creating a new one
> --copy-to-folder <folder>
> --copy-to-share <share name \\server\share> -> copies the file to a given
> share
> --user 
> --password (optional)

I created such a script, which is attached here, (and maybe further developed in https://github.com/spaceone/univention-corporate-server/blob/fbest/univention-system-information/management/univention-support-info/univention-support-info).

The script has the following usage:

usage: univention-support-info [-h] [--upload-to-univention] [--sender SENDER]
                               [--recipient RECIPIENT]
                               [--add-to-ticket ticket]
                               [--copy-to-folder folder] [--encrypt]

optional arguments:
  -h, --help            show this help message and exit
  --upload-to-univention
                        Uploads and sends the file via mail to Univention.
  --sender SENDER       The mail address of the sender. If not given, no
                        archive will be send to Univention.
  --recipient RECIPIENT
                        Recipient of the mail (by default
                        feedback@univention.de).
  --add-to-ticket ticket
                        Adds the file to the ticket number instead of creating
                        a new one.
  --copy-to-folder folder
                        Copies a backup of the generated archives into the
                        specified folder.

  --encrypt             Encrypt the archive and send only the encrypted
                        version to Univention

The scripts needs to run as root!
I did not implement the "--copy-to-share" option and --username/--password is not necessary.

The script might not work anymore if e.g. the upstream USI script has major changes or the response of the file upload service changes.
The script caches a downloaded USI script and uses this if there is no newer variant.

The underlying library "python-request" probably verifies the HTTPS connections. I think it would be a nice improvement to add a integrity check for the downloaded file as well, so that MITM attacks are absolutely prevented.
Comment 17 Nico Stöckigt univentionstaff 2018-10-25 18:37:22 CEST
I've change the receiver e-mail address to 'support@univention.de' and tested the script with current UCS 4.3 flawlessly. However there are still some aspects to be integrated like

 - splitting huge usi archive
 - changing defaults over time (ask for T#, save 'sender' to ucr,...)

So far the script is ready to be packetized and be shipped.
Comment 18 Nico Stöckigt univentionstaff 2018-11-15 11:39:43 CET
There is a waiting git pull request at https://github.com/nstoeckigt/univention-corporate-server/pull/1
Comment 20 Florian Best univentionstaff 2021-09-25 09:47:25 CEST
It seems my script is already part of git@git.knut.univention.de:univention/internal/univention-support-info.git.
We need to copy it to the UCS package.
Do we need to make a checksum test of the downloaded version?
Comment 21 Florian Best univentionstaff 2021-09-27 13:38:49 CEST
We should consider a versioning scheme:

Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a Python 2.7 hashbang the other with Python 3.
Comment 22 Philipp Hahn univentionstaff 2021-09-28 07:02:49 CEST
(In reply to Florian Best from comment #21)
> We should consider a versioning scheme:
> 
> Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a
> Python 2.7 hashbang the other with Python 3.

UCS-4.4 will we out-of-maintenance soon ~ 1y
After that we only need the UCS-5 version for Python3.
Comment 23 Christina Scheinig univentionstaff 2021-09-28 09:04:42 CEST
(In reply to Philipp Hahn from comment #22)
> (In reply to Florian Best from comment #21)
> > We should consider a versioning scheme:
> > 
> > Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a
> > Python 2.7 hashbang the other with Python 3.
> 
> UCS-4.4 will we out-of-maintenance soon ~ 1y
> After that we only need the UCS-5 version for Python3.

Yes, but we will still need this in support for older versions. To switch back  to the ftp version, for older versions, is not a good option.

I think we cannot handle this, like the "normal" maintenance cycle.
Comment 24 Florian Best univentionstaff 2021-09-28 11:10:11 CEST
An alternative to shipping this would be to make this installable via `pip install univention-support-info`.
But hm, this requires a internet connection which might be broken.
Comment 25 Florian Best univentionstaff 2021-09-28 11:18:18 CEST
(In reply to Philipp Hahn from comment #22)
> (In reply to Florian Best from comment #21)
> > We should consider a versioning scheme:
> > 
> > Download a different script for UCS 4.x than for UCS 5.1 (5.0) - one with a
> > Python 2.7 hashbang the other with Python 3.
> 
> UCS-4.4 will we out-of-maintenance soon ~ 1y
> After that we only need the UCS-5 version for Python3.

Oh, and the script only uses univention.config_registry as UCS dependencies.
In UCS 4.4 Python3.5 is installed.
I think we can create a version which works with that.
Comment 26 Florian Best univentionstaff 2022-10-13 20:57:45 CEST
I merged your MRs now:

univention-support-info (6.0.0-4)
281224492f21 | feat: added utility classes for downloading files and GPG handling
8ff544ffae2b | feat: Debian package info taken from UCS

univention-support-info.yaml
580933bfb0fc | Bug #26684: Merge branch 'nradovanovic/26684-package-univention-support-info' into 5.0-2
14f5bad3a8d5 | Bug #26684: move repository to https://git.knut.univention.de/univention/components/univention-support-info

univention-support-info (6.0.0-4)
1bc3957d5802 | Bug #26684: remove univention-support-info

And built via:
repo_admin.py -G git@git.knut.univention.de:univention/components/univention-support-info.git -b master -P . -p univention-support-info -r 5.0 -s errata5.0-2 && b50-scope errata5.0-2 univention-support-info
Comment 29 Florian Best univentionstaff 2022-11-14 17:36:32 CET
OK: a new script "univention-report-support-info" downloads and replaces the shipped USI script if the provided signature validates against /etc/apt/trusted.gpg.d/univention-archive-key-ucs-*.gpg
OK: email can be sent to univention with supplying a ticket number (if local email relay host settings are done)
OK: USI can be encrypted and other optional arguments of USI can be supplied
OK: YAML
OK: univention-support-info has been moved into git@git.knut.univention.de:univention/components/univention-support-info.git

# univention-report-support-info -h
usage: univention-report-support-info [-h] [--upload-to-univention]
                                      [--sender SENDER]
                                      [--recipient RECIPIENT]
                                      [--add-to-ticket TICKET]
                                      [--output DIRECTORY] [--encrypt]
                                      [--full-logs] [--flat] [--quiet]
                                      [--debug]

Wrapper for USI script. Downloads the latest USI version, executes it, uploads
resulting archive to Univention and attach it to a support ticket.

optional arguments:
  -h, --help            show this help message and exit
  --upload-to-univention
                        Uploads the resulting USI archive to the Univention
                        upload service.
  --sender SENDER       The mail address of the sender. If given, the upload
                        ID is send to the Univention Support.
  --recipient RECIPIENT
                        Recipient of the mail (default:
                        support@univention.de).
  --add-to-ticket TICKET
                        Adds the file to the ticket number instead of creating
                        a new one.
  --output DIRECTORY    Keep the resulting USI archive in the specified
                        directory.

univention-support-info arguments:
  --encrypt             Encrypt the archive and send only the encrypted
                        version to Univention
  --full-logs           collect also rotated logfiles
  --flat                flatten the directory structure
  --quiet               Almost no output
  --debug               enable debug